[Techtalk] PAM questions: system-auth, common-*, winbind

Carla Schroder carla at bratgrrl.com
Sat Apr 30 06:33:38 EST 2005 

Thanks Colleen and Wim,

On Friday 29 April 2005 7:45 am, Wim De Smet wrote:
> On 4/29/05, Carla Schroder <carla at bratgrrl.com> wrote:
> > OK guruz, here's a chewy one for you. I am rassling with PAM and not 
winning.
> > The problem is how different distributions configure it. Red Hat has a 
master
> > PAM file called "system-auth", which I believe acts a global default.
> > Correct?
> > 
> > Now we move to Debian. Is there something similar? I see files called
> > 
> > common-account
> > common-auth
> > common-password
> > common-session
> > 
> > Do these also function as a global default?
> 
> kinda, they get included by most of the other services files.

OK, I see how it works now- just put the includes in the individual services 
files, like

@include common-auth
@include common-account
@include common-session

> 
> > 
> > The problem is configuring winbind modules for PAM. I really don't care 
for
> > the idea of configurating every single flippin' service separately for 
users
> > authenticated via winbind, I want a nice global pam config. you know, like 
in
> > the good old days of /etc/pam.conf
> 
> Well I don't think it's that bad, given that the number of services
> usually isn't very high, and it's a very flexible scheme. If you want
> to know what services don't include common-auth:
> grep '@include common-auth' * (in the pam.d dir)

It's a pain when you have a large number of clients.  :) So if I can reduce 
this to a copy-n-paste, or a rollout-via-cfengine, that will be good.

> 
> > 
> > And I dare you to find this documented anywhere that makes sense.
> > 
> 
> This one I think:
> http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html is
> very good. Also, debian has the libpam-doc package.
> 

Thanks! It's not the most complete or up-to-date documentation, but it's 
better than what I found.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
http://www.tuxcomputing.com
check out my new book, the "Linux Cookbook", the ultimate Linux user's 
and sysadmin's guide! http://www.oreilly.com/catalog/linuxckbk/
this message brought to you
by Libranet 2.8 and Kmail
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

More information about the Techtalk mailing list